This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/D200gwF5PhavFIvDI-DA_ETskbU.roa
File:                     D200gwF5PhavFIvDI-DA_ETskbU.roa (raw, json)
Hash identifier:          23mlBs0ZwL/RlO4+J/Mq0SDM+0vrZf4uRKhGZ2Ws7E8=
Subject key identifier:   0F:6D:34:83:01:79:3E:16:AF:14:8B:C3:23:E0:C0:FC:44:EC:91:B5
Certificate issuer:       /CN=cec5afe769b94346e1cd362eb85f875b23b17277
Certificate serial:       019B7835216EB176D529FBB52D44AA5A68D9
Authority key identifier: CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/D200gwF5PhavFIvDI-DA_ETskbU.roa
Signing time:             Thu 01 Jan 2026 06:18:26 +0000
ROA not before:           Thu 01 Jan 2026 06:18:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     142561
IP address blocks:        45.145.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 06:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:35:21:6e:b1:76:d5:29:fb:b5:2d:44:aa:5a:68:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cec5afe769b94346e1cd362eb85f875b23b17277
        Validity
            Not Before: Jan  1 06:18:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0f6d348301793e16af148bc323e0c0fc44ec91b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:02:e9:4c:76:50:a6:c9:3e:9a:e3:88:78:65:
                    e1:49:d4:17:9f:6d:b2:b3:cb:c0:63:ce:96:d3:40:
                    49:90:6f:80:a1:e4:8b:8b:91:51:c9:56:5e:a5:2d:
                    87:f8:03:76:4d:37:d7:a7:61:62:bd:3f:b4:4f:11:
                    dd:a7:22:6d:db:d9:bd:01:2e:5c:b0:97:a0:fa:81:
                    c9:22:5e:f2:b1:3f:99:c3:16:10:61:2e:f0:ef:5c:
                    a8:fc:31:81:13:bd:77:e7:5a:ea:d4:4c:16:ad:67:
                    bb:4d:87:08:26:3b:08:b1:b6:d9:44:7d:26:bd:ea:
                    88:af:c8:38:01:ae:58:7d:83:00:1a:13:a8:bb:77:
                    e4:fd:45:01:b3:ce:96:35:8e:ee:b0:72:37:27:ae:
                    73:f0:ff:39:9b:d9:cf:f4:51:c9:b8:26:9a:18:ba:
                    ca:b3:43:5b:46:41:d7:fa:f0:38:b4:0b:6c:1c:68:
                    be:20:07:d7:aa:9e:f4:84:b6:fd:01:aa:45:32:61:
                    fb:3d:8a:38:06:59:21:38:d1:4c:59:c9:77:9f:8c:
                    30:24:d7:8c:51:3c:53:fb:10:2b:93:a3:1e:3e:ee:
                    9c:b7:48:04:fa:c2:7a:30:27:a2:59:ba:c8:f3:46:
                    8d:20:91:75:09:11:02:0e:6a:58:f8:e9:85:89:a9:
                    9e:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:6D:34:83:01:79:3E:16:AF:14:8B:C3:23:E0:C0:FC:44:EC:91:B5
            X509v3 Authority Key Identifier:
                keyid:CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/D200gwF5PhavFIvDI-DA_ETskbU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.145.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:43:ab:bb:7b:b1:97:8f:ff:3d:4e:20:b4:27:25:8d:e0:1d:
         7c:08:81:6d:9f:36:94:ed:6d:d9:61:f4:be:1e:c7:d8:1a:f2:
         e7:e6:f6:f6:68:b9:81:d6:1b:61:79:bb:88:0e:02:7c:67:e2:
         f1:a2:a4:79:dd:21:22:de:80:26:07:66:e8:9f:b7:4d:43:3b:
         c9:20:40:2f:3a:52:d0:68:6b:eb:c1:f3:8f:16:52:6f:3f:93:
         cf:d9:f7:bc:4d:14:12:d4:00:84:4e:65:1e:56:02:98:da:25:
         28:c4:ae:2d:29:42:a1:bd:3e:d7:34:45:d9:d2:28:e7:d8:56:
         ce:3e:9e:4e:b1:74:be:4b:1f:69:d5:19:9b:08:ac:34:67:b2:
         9d:93:b0:f6:65:c2:c7:2d:d2:14:ed:65:90:ca:8a:2a:09:6c:
         91:68:c6:b9:34:08:e2:24:e2:36:af:ad:7d:19:79:64:f2:76:
         67:60:a7:0b:07:7e:b4:30:8f:2c:ba:d7:d8:fd:99:35:cf:27:
         f2:ca:09:4a:20:89:ce:7c:ee:18:5a:9c:0c:64:d2:9b:9a:79:
         68:4b:4c:17:05:89:58:9e:7c:0e:07:b2:3d:cf:bf:27:45:c4:
         f7:d7:05:9f:fb:ec:da:93:d8:d5:46:4d:0a:6b:3a:16:38:19:
         b4:4f:a6:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NSFusXbVKfu1LUSqWmjZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYzVhZmU3NjliOTQzNDZlMWNkMzYyZWI4NWY4NzViMjNi
MTcyNzcwHhcNMjYwMTAxMDYxODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjZkMzQ4MzAxNzkzZTE2YWYxNDhiYzMyM2UwYzBmYzQ0ZWM5MWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwwLpTHZQpsk+muOIeGXhSdQXn22y
s8vAY86W00BJkG+AoeSLi5FRyVZepS2H+AN2TTfXp2FivT+0TxHdpyJt29m9AS5c
sJeg+oHJIl7ysT+ZwxYQYS7w71yo/DGBE71351rq1EwWrWe7TYcIJjsIsbbZRH0m
veqIr8g4Aa5YfYMAGhOou3fk/UUBs86WNY7usHI3J65z8P85m9nP9FHJuCaaGLrK
s0NbRkHX+vA4tAtsHGi+IAfXqp70hLb9AapFMmH7PYo4BlkhONFMWcl3n4wwJNeM
UTxT+xArk6MePu6ct0gE+sJ6MCeiWbrI80aNIJF1CRECDmpY+OmFiameRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA9tNIMBeT4WrxSLwyPgwPxE7JG1MB8GA1UdIwQY
MBaAFM7Fr+dpuUNG4c02Lrhfh1sjsXJ3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQt
MzMyNDdjOGUxYzFmLzEvRDIwMGd3RjVQaGF2Rkl2REktREFfRVRza2JVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQtMzMyNDdjOGUxYzFm
LzEvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZGZMA0G
CSqGSIb3DQEBCwUAA4IBAQAGQ6u7e7GXj/89TiC0JyWN4B18CIFtnzaU7W3ZYfS+
HsfYGvLn5vb2aLmB1hthebuIDgJ8Z+LxoqR53SEi3oAmB2bon7dNQzvJIEAvOlLQ
aGvrwfOPFlJvP5PP2fe8TRQS1ACETmUeVgKY2iUoxK4tKUKhvT7XNEXZ0ijn2FbO
Pp5OsXS+Sx9p1RmbCKw0Z7Kdk7D2ZcLHLdIU7WWQyooqCWyRaMa5NAjiJOI2r619
GXlk8nZnYKcLB360MI8sutfY/Zk1zyfyyglKIInOfO4YWpwMZNKbmnloS0wXBYlY
nnwOB7I9z78nRcT31wWf++zak9jVRk0KazoWOBm0T6YR
-----END CERTIFICATE-----